Regular and timely patches against 0day vulnerabilities: The protection rules used by Alibaba WAF are tried and tested and cover the latest vulnerability patches, which are updated in a timely manner and synchronized globally immediately after release.

User-friendly observation mode: Provides observation mode for newly launched businesses on the website. In this mode, a suspected attack only triggers a warning, instead of a blocking action, in a bid to facilitate the statistics of business false alarms.

Protection against HTTP flood attacks

Manages the access frequency from a single source IP address by using re-direction verification and human/machine identification.

Provides a user-friendly configuration console that supports condition combinations of common HTTP fields such as IP, URL, Referer, and User-Agent to form precise access control policies. Also supports anti-leech protection, website backend protection, and so on.

Combined with common web attack protection and HTTP flood protection, access control helps to create multiple layers of protection to suit a variety of needs to identify legitimate and malicious requests.

Virtual patches

Adjusts web protection policies to enable swift protection before patches are released for rectification of web application vulnerabilities.